Agency Information Collection Activities: Comment Request

Issuing agencies

Abstract

The National Center for Science and Engineering Statistics (NCSES) within the National Science Foundation invites the general public and other federal agencies to comment on a renewal for a proposed information collection, OMB control number 3145-0278. NCSES plans to collect information from individuals to fulfill its data security requirements when providing the individual with access to restricted use microdata for the purpose of evidence building. NCSES's data security agreements and other paperwork along with the corresponding security protocols allow the agency to maintain careful controls on confidentiality and privacy, as required by law. The purpose of this notice is to allow for 60 days of public comment on the proposed data security information collection, prior to submission of the information collection request (ICR) to the Office of Management and Budget (OMB).

Full Text

<html>
<head>
<title>Federal Register, Volume 91 Issue 25 (Friday, February 6, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 25 (Friday, February 6, 2026)]
[Notices]
[Pages 5515-5518]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-02447]


=======================================================================
-----------------------------------------------------------------------

NATIONAL SCIENCE FOUNDATION


Agency Information Collection Activities: Comment Request

AGENCY: National Center for Science and Engineering Statistics, 
National Science Foundation.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The National Center for Science and Engineering Statistics 
(NCSES) within the National Science Foundation invites the general 
public and other federal agencies to comment on a renewal for a 
proposed information collection, OMB control number 3145-0278. NCSES 
plans to collect information from individuals to fulfill

[[Page 5516]]

its data security requirements when providing the individual with 
access to restricted use microdata for the purpose of evidence 
building. NCSES's data security agreements and other paperwork along 
with the corresponding security protocols allow the agency to maintain 
careful controls on confidentiality and privacy, as required by law. 
The purpose of this notice is to allow for 60 days of public comment on 
the proposed data security information collection, prior to submission 
of the information collection request (ICR) to the Office of Management 
and Budget (OMB).

DATES: Written comments on this notice must be received by April 7, 
2026 to be assured of consideration. Comments received after that date 
will be considered to the extent practicable. Send comments to the 
address below.

ADDRESSES: Suzanne H. Plimpton, Reports Clearance Officer, National 
Science Foundation, 401 Dulaney Street, Alexandria, Virginia 22314; 
telephone (703) 292-7556; or send email to <a href="/cdn-cgi/l/email-protection#4734372b2e2a3733280729342169202831"><span class="__cf_email__" data-cfemail="443734282d2934302b042a37226a232b32">[email&#160;protected]</span></a>. 
Individuals who use a telecommunications device for the deaf (TDD) may 
call the Federal Information Relay Service (FIRS) at 1-800-877-8339, 
which is accessible 24 hours a day, 7 days a week, 365 days a year 
(including Federal holidays).
    Comments: Comments are invited on (a) whether the proposed 
collection of information is necessary for the proper performance of 
the functions of NCSES, including whether the information will have 
practical utility; (b) the accuracy of NCSES estimate of the burden of 
the proposed collection of information; (c) ways to enhance the 
quality, use, and clarity of the information on respondents, including 
through the use of automated collection techniques or other forms of 
information technology; and (d) ways to minimize the burden of the 
collection of information on those who are to respond, including 
through the use of appropriate automated, electronic, mechanical, or 
other technological collection techniques or other forms of information 
technology.

SUPPLEMENTARY INFORMATION: The Foundations for Evidence-Based 
Policymaking Act of 2018 mandates that the Office of Management and 
Budget (OMB) establish a Standard Application Process (SAP) for 
requesting access to certain confidential data assets. While the 
adoption of the SAP is required for statistical agencies and units 
designated under the Confidential Information Protection and 
Statistical Efficiency Act of 2018, it is recognized that other 
agencies and organizational units within the Executive branch may 
benefit from the adoption of the SAP to accept applications for access 
to confidential data assets. The SAP is a process through which 
agencies, the Congressional Budget Office, State, local, and Tribal 
governments, researchers, and other individuals, as appropriate, may 
apply to access confidential data assets held by a federal statistical 
agency or unit for the purpose of developing evidence. With the 
Interagency Council on Statistical Policy (ICSP) as advisors, the 
entities upon whom this requirement is levied worked with the SAP 
Project Management Office (PMO) and with OMB to implement the SAP. The 
SAP Portal is a single web-based common application for requesting 
access to confidential data assets from federal statistical agencies 
and units. The information collected through the SAP Portal is approved 
under an ICR, OMB control number 3145-0271.
    Once an application for confidential data is approved through the 
SAP Portal, NCSES plans to collect information to meet its data 
security requirements. This proposed collection would occur outside of 
the SAP Portal.
    Title of Collection: Data Security Requirements for Accessing 
Confidential Data.
    OMB Control Number: 3145-0278.
    Expiration Date of Current Approval: July 31, 2026.
    Type of Request: Intent to seek approval to collect information to 
fulfill NCSES's security requirements allowing individuals to access 
confidential data assets for the purposes of building evidence.
    Abstract:
    Title III of the Foundations for Evidence-Based Policymaking Act of 
2018 (hereafter referred to as the Evidence Act) mandates that OMB 
establish a Standard Application Process (SAP) for requesting access to 
certain confidential data assets. Specifically, the Evidence Act 
requires OMB to establish a common application process through which 
agencies, the Congressional Budget Office, State, local, and Tribal 
governments, researchers, and other individuals, as appropriate, may 
apply for access to confidential data assets collected, accessed, or 
acquired by a statistical agency or unit. This process was implemented 
while maintaining stringent controls to protect confidentiality and 
privacy, as required by law.
    Data collected, accessed, or acquired by statistical agencies and 
units is vital for developing evidence on the characteristics and 
behaviors of the public and on the operations and outcomes of public 
programs and policies. This evidence can benefit the stakeholders in 
the programs, the broader public, as well as policymakers and program 
managers at the local, State, Tribal, and National levels. The many 
benefits of access to data for evidence building notwithstanding, NCSES 
is required by law to maintain careful controls that allow it to 
minimize disclosure risk while protecting confidentiality and privacy. 
The fulfillment of NCSES's data security requirements places a degree 
of burden on individuals, which is outlined below.
    The SAP Portal is a web-based application to allow individuals to 
request access to confidential data assets from federal statistical 
agencies and units. The objective of the SAP Portal is to broaden 
access to confidential data for the purposes of evidence building and 
reduce the burden of applying for confidential data. Once an 
individual's application in the SAP Portal has received a positive 
determination, the data-owning agency(ies) or unit(s) begin the process 
of collecting information to fulfill their data security requirements.
    The paragraphs below outline the SAP Policy, the steps to complete 
an application through the SAP Portal, and the process NCSES proposed 
to use to collect information fulfilling its data security 
requirements.

The SAP Policy

    At the recommendation of the ICSP, the SAP Policy established the 
SAP to be implemented by statistical agencies and units and incorporate 
directives from the Evidence Act. The policy is intended to provide 
guidance as to the application and review processes using the SAP 
Portal, setting forth clear standards that enable statistical agencies 
and units to implement a common application form and a uniform review 
process. The SAP Policy was issued in December of 2022 as OMB 
memorandum 23-04: <a href="https://www.whitehouse.gov/wp-content/uploads/2022/12/M-23-04.pdf">https://www.whitehouse.gov/wp-content/uploads/2022/12/M-23-04.pdf</a>.

The SAP Portal

    The SAP Portal is an application interface connecting applicants 
seeking data with a catalog of metadata for data assets owned by the 
federal statistical agencies and units. The SAP Portal is not a new 
data repository or warehouse; confidential data assets continue to be 
stored in secure data access facilities owned and hosted by the federal 
statistical agencies and units. The Portal provides a streamlined 
application process across agencies, reducing redundancies in the 
application process.

[[Page 5517]]

This single SAP Portal improves the process for applicants, tracking 
and communicating the application process throughout its lifecycle. 
This reduces redundancies and burden on applicants who request access 
to data from multiple agencies. The SAP Portal automates key tasks to 
save resources and time and brings agencies into compliance with the 
Evidence Act statutory requirements.

Data Discovery

    Individuals begin the process of accessing restricted use data by 
discovering confidential data assets through the SAP metadata catalog 
maintained by federal statistical agencies at <a href="http://www.researchdatagov.org">www.researchdatagov.org</a>. 
Potential applicants can search by agency, topic, or keyword to 
identify data of interest or relevance. Once they have identified data 
of interest, applicants can view metadata outlining the title, 
description or abstract, scope and coverage, and detailed methodology 
related to a specific data asset to determine its relevance to their 
research.
    While statistical agencies and units endeavor to include 
information in the SAP metadata catalog on all confidential data assets 
for which they accept applications, it may not be feasible to include 
metadata for some data assets (e.g., potential special tabulations of 
administrative data). A statistical agency or unit may still accept an 
application through the SAP Portal even if the requested data asset or 
special tabulation is not listed in the SAP metadata catalog.

SAP Application Process

    Individuals who have identified and wish to access confidential 
data assets are able to apply for access through the SAP Portal. 
Applicants must create an account and follow all steps to complete the 
application. Applicants begin by entering their personal, contact, and 
institutional information, as well as the personal, contact, and 
institutional information of all individuals on their research team. 
Applicants provide summary information about their proposed project to 
include project title, duration, funding, and timeline. Other details 
provided by applicants include the data asset(s) they are requesting 
and any proposed linkages to data not listed in the SAP metadata 
catalog, including non-federal data sources. Applicants then enter 
detailed information regarding their proposed project, including a 
project abstract, research question(s), literature review, project 
scope, research methodology, project products, and anticipated output. 
Within the application, applicants must demonstrate a need for 
confidential data, outlining why their research question cannot be 
answered using publicly available information.

Submission for Review

    Upon submission of their application, applicants receive a 
notification that their application has been received and is under 
review by the data-owning agency or agencies (in the event where data 
assets are requested from multiple agencies). At this point, applicants 
are notified that application approval does not alone grant access to 
confidential data, and that, if approved, applicants must comply with 
the data-owning agency's security requirements outside of the SAP 
Portal, which may include a background check.
    In accordance with the Evidence Act and the direction of the ICSP, 
agencies will approve or reject an application within a prompt 
timeframe. In some cases, agencies may determine that additional 
clarity, information, or modification is needed and request the 
applicant to ``revise and resubmit'' their application.

Access to Restricted Use Data

    In the event of a positive determination, the applicant is notified 
that their proposal has been accepted. The positive or final adverse 
determination concludes the SAP Portal process. In the instance of a 
positive determination, the data-owning agency (or agencies) contacts 
the applicant to provide instructions on the agency's security 
requirements that must be completed by the applicant to gain access to 
the confidential data. The completion and submission of the agency's 
security requirements take place outside of the SAP Portal.

Collection of Information for Data Security Requirements

    In the instance of a positive determination for an application 
requesting access to an NCSES-owned confidential data asset, NCSES 
contacts the applicant(s) to initiate the process of collecting 
information to fulfill its data security requirements. This process 
allows NCSES to place the applicant(s) in a trusted access category and 
includes the collection of the following information from applicant(s):
    <bullet> Restricted-use licensing agreement--This document is an 
agreement between NCSES and the applicant's organization provisioning 
NCSES's confidential data assets exclusively for statistical purposes 
in accordance with the terms and conditions stated in the agreement and 
all prevailing laws and regulations. The agreement requires signatures 
from the applicant(s) and a senior official at the applicant's 
organization who has the authority to enter the organization into a 
legal agreement with NCSES.
    <bullet> Security plan form--This document requests information 
from the applicant(s) to ensure the confidential data assets are 
protected from unauthorized access, disclosure, or modification. The 
information collected in the security plan form includes the following:
    [cir] planned work location address(es),
    [cir] workstation specifications (make, model, serial number, type, 
and operating system),
    [cir] workstation authorized users,
    [cir] workstation monitor position (to prevent unauthorized 
viewing), and
    [cir] workstation antivirus brand and version.
    In addition, the applicant(s) must initial a series of security 
measures to indicate compliance. Finally, the form requires signatures 
from the applicant(s), a senior official at the applicant's 
organization, and a Information System Security Officer (ISSO) at the 
applicant's organization. The ISSO, in signing the Security plan form, 
assures the inspection and integrity of the applicant's security plan.
    <bullet> Affidavit of nondisclosure form--This document describes 
the confidentiality protections the applicant(s) must uphold and the 
penalties for unauthorized access or disclosure. The form requires 
signatures from the applicant(s) and the principal researcher for the 
project as well as the imprint of a notary public.

Estimate of Burden

    The amount of time to complete the agreements and other paperwork 
that comprise NCSES's security requirements will vary based on the 
confidential data assets requested. To obtain access to NCSES 
confidential data assets, it is estimated that the average time to 
complete and submit NCSES's data security agreements and other 
paperwork is 30 minutes. This estimate does not include the time needed 
to complete and submit an application within the SAP Portal. All 
efforts related to SAP Portal applications occur prior to and separate 
from NCSES's effort to collect information related to data security 
requirements.
    The expected number of applications in the SAP Portal that receive 
a positive determination from NCSES in a given year may vary. Overall, 
per year, NCSES estimates it will collect data security information for 
20 application

[[Page 5518]]

submissions that received a positive determination within the SAP 
Portal. NCSES estimates that the total burden for the collection of 
information for data security requirements over the course of the 
three-year OMB clearance will be about 30 hours and, as a result, an 
average annual burden of 10 hours.

    Dated: January 30, 2026.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2026-02447 Filed 2-5-26; 8:45 am]
BILLING CODE 7555-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>